Smart Contracts and Data Privacy in the Wake of COVID-19

New Digital Asset-led webinar to address data privacy challenges in healthcare

As the healthcare lead for Digital Asset, I spend a significant portion of my time on issues of privacy. Healthcare and Life Sciences handle incredibly sensitive and personal health information. Any data system that holds or processes Protected Health Information (PHI) must make efforts to secure that information. My work in healthcare is just a subset of a larger, and longer running, discussion on privacy preserving techniques on distributed ledger and blockchain systems, for example complex technologies like zero-knowledge proofs. However, instead of talking about advanced cryptography, I want to briefly explore Digital Asset’s approach to building systems compliant with major healthcare data protection regulations like HIPAA and GDPR.

It’s important to note that “compliance” to these regulations is complicated. Compliance includes that the overall architecture, execution and on-going operation of a healthcare solution. It makes no sense to ask whether smart contracts, such as Daml, or any other individual solution component, is HIPAA compliant. Instead, let’s explore the options and tools that Digital Asset provides for solution designers and operators to meet their compliance obligations.

Below is a video I created explaining how enterprises can build compliant distributed ledger solutions using Daml. Check it out

Join in the discussion on September 2nd at Noon ET

Join me on Wednesday, September 2nd at Noon ET with Trinsic and Rethink Ledgers for a live demo and discussion about a Daml-driven app that was built to streamline the COVID-19 testing process, while retaining data privacy and with verified credentials. 

I expect a lively discussion about tracking diagnostic testing results and patterns, enabling verified credentials and planning appropriate response capacity, future vaccine distribution, and personal protective equipment (PPE) procurement. Plus, the role of blockchain technology; what’s better a centralized approach or a smart contracts-based solution? 

Reserve your spot today!

DAML covid 19 blog post

Using Smart Contracts for secure & scalable Covid-19 diagnostics and data management

Smart contracts offer a very innovative and secure solution to COVID-19 testing and data management. Such a solution can maintain desired levels of privacy, while allowing health providers or any other third party who are part of the network to securely view actual results or anonymized patterns and trends that can be used for managing the response strategies. Smart Contracts linked to Verifiable Credentials (a set of tamper-evident claims and metadata that cryptographically proves who issued it)  can also be used for consumers to be in control of their data regarding test or vaccine status and validity period. It also provides them with an ability to share this data in a secure and trusted way with others.

We’ll also be hosting a webinar on this topic on September 2nd. Register here to attend.

I’ll start by outlining the problem statement of having reliable medical test data available in order to perform analysis of infection rates, and also to manage the supply of any medical related supplies . Then I will outline a solution concept using smart contracts and verifiable credentials (a new W3C standard)  Finally, I will attempt to address some legitimate concerns around privacy and suitability of blockchain technology for this purpose. Thanks to Manish Grover from Digital Asset for his insights and inputs to this blog.

An Overview of Challenges

COVID-19 testing is fragmented across providers – medical facilities, labs, and software systems that provide digital interfaces to your results. You must submit screening information, be approved, take the test, and then get your results through a phone call or other paper-based means in several days. Although there may be in some jurisdictions still some regulatory hurdles, providing a digital experience for getting medical test results is nowadays the minimum digital experience that consumers want.  

The process of data collection, de-identification, and then propagating the data to CDC and the multiple state and local agencies is complex. It involves the use of multiple systems, different data file formats, and numerous places (think about pop-test centers)  where data must be matched and cleaned.

The constant transfer of data back and forth between so many different systems and applications is cumbersome, leads to multiple copies of data and various compliance challenges. Results have to be reported daily to the State Health agencies and other government agencies that can provide aggregated metrics to the public, while also planning for the most appropriate response strategies.

Consider now the supply chain and response management challenges. As providers and manufacturers try to make the right healthcare equipment and supplies available at the right time at the right place, responding to demand quickly is important. And as demand patterns change, sourcing these supplies from the right suppliers is challenging because they must be certified and on-boarded first. This problem was covered very well in this blog by Innover that focused on supply chain aspects of which matching demand based on testing patterns to supply was covered as well. Needless to say, we need robust solutions to manage our response that includes distribution of supplies and vaccines to the right places at the right time without having to cope with data quality issues as well.

Finally, let’s review citizen level aspects. Even though there is a debate around using technology to manage this, there is no doubt that so long as we can put the right guardrails around privacy and uniform accessibility then allowing consumers to be able to access and manage their testing results in a place that they can control is a good premise. When a citizen can be self sovereign over their own data without the need to access a myriad of healthcare providers, then it is maybe a step in the right direction 

A Solution Using Daml Smart Contracts & W3C Verifiable Credentials

As I outline the solution, I’m going to lean on 2 salient properties of Daml that will hopefully alleviate most concerns around using this technology:

  1. Daml guarantees privacy by way of rights and obligations. Data is stored so that it cannot be accessed unless the party accessing that data has been explicitly configured in the smart contracts to access it. This makes it very effective to avoid common database programming errors, and more easily meet compliance needs such as HIPAA.  
  1. Daml is interoperable across networks. So it means that multiple institutional entities need not make the same technology choices but still be able to atomically transact across enterprise boundaries without incurring the overhead of maintaining multiple data islands.   

Here is how the overall business process flow looks like.

This is how an Operator would onboard all the various parties. The parties will have an option to accept their registration into the system.

There are distinct advantages to such a solution. Smart contracts keep each party in control of their data, and enable them to access a single version of the truth kept in sync by Daml across one or multiple networks as setup.

For example, here is how the citizens have been granted the right to request a test on their role contract.

And the health clinic can look up their records and accept the test request, thus generating an appointment. The operator of the network is an optional observer on this process (this feature can also be used for regulatory compliance and reporting purposes).

Furthermore, the fact that such a network can be operated by a state agency as a trusted operator, allows for the immense technology simplicity of running this entire smart contracts system in a centralized manner, further improving governance and management of the network. 

Here is what the health clinic role may look like, indicating that a health clinic may not be registered without the operators approval:

Imagine also if our data can be stored in a way that is also GDPR compliant by storing proofs on the ledger (database or blockchain), and storing the actual personally identifiable data on a system that is still controlled by smart contracts but now can be made to comply with citizen requests for removal of their records as legally permissible. The possibilities are endless in how this system can be configured to meet the needs of the various parties. Due to the transparency of data lineage, and the fact that data contracts cannot be created without consent and required disclosures, it is also possible to streamline compliance to HIPAA regulations.

In this solution, we also built in the integration with Trinsic, a verifiable credentials app based on the W3C’s standards. It’s up to the consumer to connect their app to this network voluntarily, thus being able to produce their credentials on demand, in the manner they find most suitable.  

Citizens can be identified in the traditional way or by mean of a DID (Decentralized Identity). 

Here is how a health clinic (or the operator as required) can send the verifiable credentials to the citizens, who have already connected their app (Trinsic in this case) to the network. 

The actual results of the Covid19 Tests and in the future Vaccines Proofs are sent as a “Verifiable Credential” which is a secure and safe mechanism to send information between an 

  1. an issuer (Health Care facility)
  2. a holder (the citizen like you and me) and 
  3. a verifier (any other third party that is interested to know the results). 

In this case once received from the issuer,  the holder can specify what information is disclosed and the verifier can independently check the accuracy of the information. The integration with Trinsic is done through a secure API, while the audit log is kept on the ledger, for any forensic analysis that may be required later.


I hope this was a view into how we can dramatically streamline healthcare processes. The use of Daml smart contracts allows us to configure privacy and data safety as appropriate. 

Moreover, this approach eliminates the need for expensive data reconciliations and latencies which will lead to simplified technology architectures, better compliance, and more responsive response strategies.

We’ll also be hosting a webinar on this topic on the 2nd of September. Click the button below to register.

Register for this Webinar

Daml Webinar on “Smart Contracts, COVID-19, & Verifiable Credentials”


  1. For more information on Verifiable Credentials – check out Trinsic
  2. Video demo of this solution
  3. Download Daml 
  4. Checkout project:DABL here for hosting your Daml app. 

Unlocking New Investment Opportunities with Digital Assets

Digital Asset launches registry and exchange platform for new markets with Exberry

Digital assets are emerging as a new type of asset class that will change how products are bought and sold in the market. It’s a growing trend that converts ownership/rights to an asset into a digital token or representation of that underlying asset for a predefined value. From stocks to currency, cars, real estate, artwork, sports contracts and more, asset-backed tokens are primed to become the future of business.

Today, we are excited to announce that Digital Asset is helping to make this future a reality. We have teamed up with Exberry, an exchange technology pioneer, to create an end-to-end exchange infrastructure-as-a-service for modern markets, including digital assets. Combining the power of Daml, and the Daml-as-a-service platform – project:DABL – with Exberry’s cloud-based exchange technology, we can deliver a robust technology solution that will help businesses launch new markets, of any type, in a matter of days. The Exberry platform provides the power to run your exchange, while DABL fuels the essential exchange registry functions via Daml code and integrations on the DABL platform. This approach allows customers to validate their ideas without distraction and focus on building their business.

Learn More about VMware Blockchain with Daml

Why are we building exchange-traded technology for modern markets?

Over the past year, there has been a shift in interest from the institutional investor community in digital asset ownership. According to recent research from Fidelity Digital Assets, industry support at the institutional level is experiencing an upward swing, which should foster greater adoption. Based on a survey of nearly 800 U.S. and European investors, close to 80% of investors find something appealing about digital assets. The most attractive characteristics are diversification with other asset classes, exposure to an innovative technology play and high potential upside. The same report highlighted that 91% of institutional investors who plan to make an allocation to digital assets expect to have at least 0.5% of their portfolio in digital assets within five years. In the U.S., this portion has grown by eight percentage points relative to last year’s survey¹.

While the trends are encouraging, challenges do remain. Among them is having the right technology infrastructure in place. Building an end-to-end, modern exchange requires a low latency engine that supports millions of transactions and seamless integration with an authoritative registry that tracks the ownership of assets and manages every aspect of the settlement. Many of today’s exchanges operate with legacy technology that relies heavily on message-based connectivity. It is cumbersome, can take months to years to build using that technology and comes with a high price tag. A cloud-deployed exchange infrastructure addresses traditional exchanges’ limitations while significantly reducing cost and time to implement.

To that end, both DABL and Exberry have been built for modern marketplaces, delivering cloud-ready environments optimized with easy plug and play API integration. It’s an exciting time for digital assets as an emerging asset class and for us as a company. We are thrilled to be at the forefront, delivering an exchange-grade technology solution that will help foster the next generation of trading digital assets.

Click here to read the press release.

¹ The Institutional Investor Digital Asset Survey 2020 Review, Fidelity Digital Assets, June 2020

Enhancing Digital Customer Experiences Using Smart Contracts

Enhancing Digital Customer Experiences Using Smart Contracts – Part 1

In today’s connected world, personalization and context drive modern customer experiences and improve both retention and acquisition rates.

In this blog I will try to outline some of the challenges that enterprises face as they strive to provide these experiences, and how they can address them with an approach that uses smart contracts. 

In the most basic scenario, web developers can build on the reference Daml models outlined in this blog to execute their personalization strategies in their web applications. This use case also validates that the ROI of a smart contract based approach can be immediate.

About Daml Smart Contracts

First, just a quick overview of Daml. It is a purpose-built smart contracts platform aimed at creating multi-party workflows with strong privacy, rights, and obligations guarantees. Daml applications can run on multiple DLTs / blockchains and databases without requiring any changes (write once, run anywhere). You will use your favorite programming stack (React, .Net, Java, Python etc.) to work with the Daml smart contract layer.

As we’ll see in this blog, use of Daml allows multiple enterprise applications and business entities to mutualize their business processes, thereby minimizing reconciliations and disruptions caused due to data quality issues.

Daml uses the concept of “parties” to represent actors which can be individuals or entities. The disclosure and distribution of data is controlled by the roles these actors play. Actors can have rights (can take actions), be obligable (are accountable for the data they create), and be observers (they can see but not have any obligations or rights). 

Since the workflows we define in Daml can run on databases and blockchain alike, developers and business analysts need not think about the underlying platform intricacies. They can instead focus their energies on defining the business logic, which will automatically control the distribution and disclosure of data that the workflow generates. Using a chess analogy, focus on winning the game, not on negotiating the rules and setup of the board.

With that introduction out of the way, lets see how we can enhance digital customer experiences using Daml.

A conceptual maturity model for digital customer experience

As we think about personalization and context driven experiences, we often have to tackle the deluge of data coming from all over, decide what is important, and then take meaningful action over numerous channels. It can be overwhelming to think about the abundance of interactions taking place. 

It is often helpful to break down the problem into a model that can then be tackled piecemeal to drive incremental results and test them. Here is a framework that I came up with to help with my thought process. Needless to say, I’m sure you will need to tailor and customize this framework for your enterprise. Some of the concepts here are based on principles 2 and 4 of my book Connected! (reference 2 at the bottom if you’re interested). 

We can see from this model that customer information and preferences can be categorized into the multiple levels on the left. At the bottom are narrow product related relationships (e.g. e-statement preference for a credit card), at the middle level they span an organization’s relationship with the organization (e.g. customer LTV across products), and finally at the top is information that is driven from the ecosystem (e.g. customer relationships and behaviors across co-brand partners). 

On the right of the model we can see the inbound and outbound interactions that affect the information on the left. To manage this complexity of so many data sources, enterprises look to create customer data platforms. These platforms aim to integrate and consolidate customer experience in a single place so that it can be actionable and easily managed.

Although it seems simple in principle, maintaining customer preferences and information efficiently is a huge challenge for most enterprises given the complexity of the enterprise technology landscape, the many channels that customers can use today, and many different products & geographical locations that must be considered. 

At the same time, management of customer information and preferences also poses a compliance challenge. Due to regulations such as GDPR, it is important to ensure that we know exactly what customer information and preference is captured, who updated that information, who is using that information, and whether we are complying with the data usage and disposal requirements.

An Approach Using Daml Smart Contracts

Smart contracts provide an efficient and practical way to manage this complexity and make it more streamlined for enterprises. Just as cloud computing simplified provisioning and management of infrastructure tremendously, smart contracts help with managing multi-party business processes, and ensure that the underlying data being accessed by each application or entity is consistent and auditable.

In this part of this blog series (part 1), let me show you how Daml can ensure that updates are only permitted by the designated party, how an automatic audit trail is created, and how personalization can be easily driven.

Let’s walk through this journey taking a hypothetical example of a credit card company. Every customer can have multiple preferences. These preferences can range from what can be sent by email, whether they have opted out of marketing emails, have they signed up for daily balance alerts by email, and so on. The customer will also have a name and other such profile information. For simplicity I have limited the data structures used in the sample below.

Every user has a role. So when a new customer signs up with a credit card, we send them a role invitation. 

Customers have a right to accept or decline. In our case below, when they accept the terms and conditions we present to them, they confirm their role assignment. 

At the same time, a separate Daml contract that contains the profile of the customer is created. This construct also allows easy integration with SSO (Single Sign On) and onboarding processes.

It’s clear that the role and profile contract cannot be created by anyone other than the customer. And there is always a ready made audit trail that is available for reference. We could make this “event” visible to others to meet business process requirements. For example, the compliance department may need to know which new customers have been onboarded. For that Daml smart contracts provide a ready-to-use construct.  The users of the compliance department can simply be made “observers” (see reference 3) on a contract created during the onboarding process.

Now that we have the CustomerProfile contract, we can specify actions that customers can take to update their profile information. Every time, the profile is updated, an automatic audit trail is created because the old contract is archived, and a new one is created. 

In our example, only the customer is able to update their profile information. However, in many cases, it may be required for the customer service representative to be able to do it on behalf of the customers. In that case, we could temporarily delegate the authority to the customer service representative. An appropriate audit trail is also created. 

Effective Personalization & Profile Management

Since the CustomerProfile contract is unique to a customer, all web and mobile properties can retrieve this contract once they have authenticated the user. Using this profile contract, channels can create a personalized customer experience.  

Due to the unique properties of Daml smart contracts, common errors with customer data getting mixed up are not possible to make. In addition, any application can be sure that the customer profile they are receiving is the latest because all applications and channels are updating the same customer profile contract. I’ll cover more on this topic (and the schematic below) in Part 2.

As you can see from the above schematic, the enterprise technology architecture guidelines can still be maintained. Use of smart contracts does not mean that we do away with messaging and collaboration architectures. It just means that we redefine the endpoints and streamline the data movement. I’ll cover this also in more detail in part 2 of this blog series.


The Daml model outlined above can be used in the short term to achieve personalization and context driven experiences on all smart contract enabled customer facing channels. This is also a very efficient way for any organization that has a need to maintain customer preferences and currently has to synchronize multiple customer preference databases. It must be noted that since Daml runs on blockchains and databases alike, using smart contracts does not imply the use of a DLT or blockchain based ledger.

Creating personalized and contextual customer experiences are a must for enterprises in an increasingly connected and digital world. Customer data platforms are a common approach taken by enterprises to manage the many dimensions of data that are coming in from different channels, both internal and external. A smart contract based approach using Daml is a great way to simplify the complexity of organizing this data so that the benefits of a customer data platform can be maximized. Daml has also a new learn section where you can begin to code online:

Learn Daml online


  1. How to delegate authority in Daml
  2. Principles of customer engagement in a connected world
  3. Notifying compliance authorities when an action has happened using the Observer model

Daml and Privacy – HIPAA and GDPR

As the healthcare lead for Digital Asset, I spend a significant portion of my time on issues of privacy. Healthcare and Life Sciences handle incredibly sensitive and personal health information. Any data system that holds or processes Protected Health Information (PHI) must make efforts to secure that information. My work in healthcare is just a subset of a larger, and longer running, discussion on privacy preserving techniques on distributed ledger and blockchain systems, for example complex technologies like zero-knowledge proofs. But instead of talking about advanced cryptography, I wanted to briefly explore the “Daml driven” approaches to building systems compliant with major healthcare data protection regulations like HIPAA and GDPR. 

It’s important to note that “compliance” to these regulations is complicated. Compliance includes that the overall architecture, execution and on-going operation of a healthcare solution. It makes no sense to ask whether Daml, or any other individual solution component, is HIPAA compliant. Instead, it’s essential to explore the options and tools that Daml provides for solution designers and operators to meet their compliance obligations. The following are some examples of how Daml is enabling enterprises to build compliant distributed ledger solutions. 

Here is a video that I created so it is easier to understand those concepts:

Individual patient consent sits at the heart of both HIPAA and GDPR, as it does ethically for healthcare and life sciences. Compliant solutions must enable patient end-users to give their consent to data collection and processing. This is perhaps the easiest to demonstrate with Daml. As a language, Daml strongly enforces authorization and consent with simple primitives like Party and Signatory. In any workflow written in Daml, the ability for one party to affect is entirely dependent on the consent given by the second party. Without that consent, the following workflow of data collection, sharing or processing is impossible, making Daml an ideal tool for consent compliant workflows in healthcare and life sciences. 

Data Minimization

HIPAA and GDPR compliance require strict data minimization strategies. Minimizing the scope of the data for a process also minimizes the potential impact of a data breach or other exposure of PHI. When designing a Daml solution for sensitive and regulated data, the choice of what data to record on the ledger is a vital one. 

Fortunately Daml gives the designer a number of tools. For those who want to keep such sensitive data completely off-ledger but still want the value of Daml smart contracts, there are a number of well-documented design patterns. More fundamentally, Daml offers a core language feature for contract and transactional Observers. Observer parties can be used to share specific pieces of data without revealing the entire transactional data set, termed “sub-transactional privacy.”  

Secure Connections

Here, I don’t want to talk about cryptography that typically comes up in discussions of distributed ledgers. Rather, I want to briefly touch on the standard requirements for encryption in transit. Standard solution architectures include passing PHI to the Daml runtime to exercise choices within a defined workflow. Daml’s JSON API Service supports TLS as does the Ledger API though it’s language bindings. See this example of establishing secure connections through Java bindings


Beyond the  larger question of data protection and privacy compliance on distributed ledgers, regulations for PHI introduce new challenges. For example, many countries require all protected health information to be exclusively stored locally, raising serious challenges to a multi-node distributed ledger architecture. This, and other examples, demonstrate that there is no one ledger for all possible industries and use-cases. Daml addresses this issue by offering choice.

Daml Ledgers come in all shapes and sizes, and the range of options is constantly increasing. Rather than having to shoe-horn one’s ledger into the regulatory requirements, Daml gives solution developers the power to let the regulatory and other non-functional requirements to select the best ledger option. 

Daml has also a new learn section where you can begin to code online:

Learn Daml online